IT Security and CERT · CERT: a team to provide response to computer security incidents...
TRANSCRIPT
IT SECURITY AND CERT
CASE STUDY
OLYMPIC GAMES
References:
International Patent by Peter Stavroulakis, PCT GR2006/000038, “Secure Communications using Chaotic and Interference reduction techniques”
Other Applicable Publications of Stavroulakis, P.
(1) “Chaos Applications in Telecommunications”, Taylor and Francis, 2006.
(2) “Interference Analysis of Communication Systems”, IEEE Press, 1980.
(3) “Interference Analysis and Reduction for Wireless Systems”, Artech House, 2003.
(4) Guest Editor, “Special Issue of International Journal of Satellite Communications and Networking”, John Wiley, January-February 2003.
(5) “Wireless Local Loops, Theory and Application”, New York, John Wiley, 2001.
(6) “Reliability, Survivability and Quality of Large Scale Telecom Systems. Case Study: Olympic Games”.
(7) TETRA - A Global Security Tool. To be published by SPRINGER in March 2007.
(8) Special Issue of CHINA COMMUNICATIONS JOURNAL on Communications and Information Security.
Modern Global Revolutions
• Industrial (1900-1950)
• Electronic (Transistor) (1950-1990)
• Information (1990-
Hence the Lubricant (information) which drives the modern global machine must be protected.
WHAT IS SECURITY
Security is the protection of information, systems and services against disasters, mistakes and manipulation so that the likelihood and impact of security incidents is minimized or eliminated.
It is comprised of
1) Confidentiality
2) Integrity
3) Availability
4) Legal Compliance
SECURITY MECHANISMS
Physical Security
1) Buildings
2) Data Transport
3) Backups
4) Laptops
5) Peripherals etc.
Cryptography/Encryption (Key Management)
Authentication
Access Control
1) Confidentiality
2) Integrity
1) Passwords
2) Firewalls (Packet filters) mainly OSI model
DATABASE + TRANSACTION MONITORS
Distributed Transaction Processing (DTP): open standard for Online Transaction Processing (OLTP)
AP: Application
RM: Resource Manager
Front end of Database
TM: Transaction Manager
OPERATING SYSTEMS (OS)
Trusted Computer System Evaluation Criteria (TCSEC)
Information Technology Security Evaluation Criteria (ITSEC)
Trust Technology Assessment Program (TTAP)
“Information Technology is the use of hardware, software, services,
and supporting infrastructure to manage and deliver information.”
IT - Definition
Types of Computer Networks
Categorizing networks according to size:
DAN / PAN (Desk or Personal Area Networks)
LAN (Local Area Network)
MAN (Metropolitan Area Network)
WAN (Wide Area Network)
Internet
Categorizing computer networks according to transmission medium:
• Wired:
  L1: twisted pair, coaxial, fiber …
  L2: IEEE 802.3,4,5, SLIP, PPP …
• Wireless:
  L1: Infrared, RF, Microwave …
  L2: IEEE 802.11, Bluetooth, mobile
The OSI model
Typical network devices
Hub: A device that repeats or broadcasts the network stream of information to individual nodes.
Switch: A device that receives packets from its input link, and then sorts them and transmits them over the proper link that connects to the node addressed.
Router: A node that sends network packets in one of many possible directions to get them to their destination.
Layer: Network Components
Application: Gateway
Presentation: Gateway
Session: Gateway
Transport: Gateway
Network: Router
Data Link: Bridge, Switch, intelligent Hub
Physical: Hubs (active, passive)
Basic Security Services
Identification
Enables a node to identify the peer node with which it communicates
Authentication
Enables a node to ensure the identity of the peer node with which it communicates
Authorization
Controls permission to access certain information
Confidentiality
Ensures that certain information is not disclosed to unauthorized entities
Integrity
Guarantees that a message being transferred is never corrupted
Availability
Ensures the survivability of information system / network services
Non-repudiation
Ensures that the origin of an action cannot deny having conducted the action
Security Attacks in the OSI model
Dollar Amount of Losses by Type
CERT: A team to provide response to computer security incidents on the Internet.
CERT
1988: First Computer Emergency Response Team (CERT/CC)
1990’s: AUSCERT and European national CERTs
1990: FIRST - Forum of Incident Response and Security Teams
1995: TF-CSIRT: Task Force for the collaboration of teams in Europe
2005: Hundreds of CERTs around the world
CERT RESEARCH
CONCENTRATES ON THE TECHNICAL BASIS FOR IDENTIFYING AND PREVENTING COMPROMISE OF SECURITY OF SYSTEMS/SERVICES VIA THE APPLICATION OF PRECISE ENGINEERING SOLUTIONS, AUTOMATED IF POSSIBLE.
• Difficulties
1) Heterogeneous networks combined to achieve end-to-end capabilities
2) No practical means of effective verification of software with respect to intended behavior
3) Security attributes can change
4) Increasingly sophisticated intrusion strategies of malicious code
5) Legacy systems
SURVIVABILITY
SURVIVABILITY IS DEFINED AS THE CAPABILITY OF A SYSTEM TO FULFILL ITS PRIMARY MISSION, IN A TIMELY MANNER, IN THE PRESENCE OF ATTACKS, FAILURES AND ACCIDENTS
SURVIVABILITY
• An effective substitute of classical security measures that require central control.
• Intended for unbounded network environments and covers robustness and continuity of operation after intrusion building on
1) Security
2) Fault Tolerance
3) Safety
4) Reliability
5) Reuse
6) Performance
7) Verification
8) Testing
Types of CERTs
• Internal CSIRTs provide incident handling services to their parent organization.
• Coordination centers coordinate and facilitate the handling of incidents across various CSIRTs.
• Analysis centers focus on synthesizing data from various sources to determine trends and patterns in incident activity.
• Vendor teams are located in software or hardware companies and handle reports concerning vulnerabilities in their products.
• Incident response providers provide incident handling services as a product to other organizations.
Handbook for Computer Security Incident Response Teams
Mission
Mission Statement
Services
Policies
Quality
Operations and procedures
Service Attributes
Policies define the governing principles that control the operation of the CERT.
Policies
Basic Policies:
• Code of Conduct
• Information Categorization Policy
• Information Disclosure Policy
• Media Policy
• Security Policy
• Human Error Policy
Policies control the services framework
Policies should be:
• Endorsed by management
• Clear
• Concise
• Necessary and sufficient
• Usable
• Implementable
• Enforceable
Quality Assurance
A Quality System should control the operation of the CERT.
A Quality System indicatively includes:
• a number of sets of quality parameters per service, always in relation to the mission statement
• Parameters measurement system
• Quality enforcement system
• Self-validation system
• Quality Reporting system
Example parameters:
• Incident response time
• Confidentiality level
• Level of information provided
• Event life cycle
CERT in the Olympic Games
Incident Analysis
Two general classes of incident analysis adopted for the Olympic Games:
Intra-Incident Analysis
Analysis of the issues concerning a specific incident. The most common types are as follows:
• analysis of any artifacts left by intruder activities (log files, exploits, viruses, Trojan horse programs, toolkits, etc.)
• analysis of the software environment in which the incident took place
• analysis of the web-of-trust within an incident
Inter-Incident Analysis
Analysis of issues concerning relationships across and between incidents, that is, the analysis of the texture of ongoing incidents. This analysis is aimed at finding symmetries between separate incidents that might indicate equivalent or related sources of intruder activity.
Automatic personal recognition based on the statistical measurement of physiological or behavioral characteristics
Fingerprint, Face, Voice, Iris, Hand
Signature, Lips movement, Speech, Mouse dynamics, Keystroke analysis
Bios = life, Metrikos = metric (measure)
Biometric
Properties of Characteristics
• Universal
• Collectable
• Permanent
• Distinctive
Security Technology - Biometrics
Olympic Games Security System
Biometrics intelligent access control system
Since most of the technologies have been tested in the past, the focus was placed on the biometric component for strong access control.
Diagram components: Gate Controller; Controller; Encrypted biometric template; Smart Card; Network; Card – Biometric Reader; DB; Secured channels
DRAGON
PROPOSAL
Design of Radio-based Anti-terrorist Globally Optimal Network (D.R.A.G.O.N)
CASE STUDY
HONG KONG AND SHANGHAI HARBOR SECURITY
SHANGHAI WORLD’S FAIR 2010
Summary
This system presents an innovative design for an anti-terrorist system for Harbor security in an environment of World Class events such as Olympic Games. It is designed to be applicable for the Harbors of Hong Kong and Shanghai for the Olympics of 2008 in Beijing. This system has been code-named DRAGON for obvious reasons.
HARBOR SECURITY
D.R.A.G.O.N
Diagram components: CDSS; IOP; Biometrics; CBRNE (Chemical, Biological, Radiological, Nuclear, Explosives); CCTV; Telemedicine; Routing using chaotic encryption techniques; GSM/UMTS; DVB Satellite; 3D-Surveillance
DRAGON: Design of Radio-based Anti-terrorist Globally Optimal Network
HONG KONG SHANGHAI HARBORS